CVE-2024-23775
- EPSS 1.12%
- Veröffentlicht 31.01.2024 08:15:42
- Zuletzt bearbeitet 05.06.2026 19:38:32
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
CVE-2024-23170
- EPSS 0.31%
- Veröffentlicht 31.01.2024 08:15:42
- Zuletzt bearbeitet 05.06.2026 19:38:32
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to se...
CVE-2023-52353
- EPSS 0.47%
- Veröffentlicht 21.01.2024 23:15:44
- Zuletzt bearbeitet 30.05.2025 15:15:27
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
CVE-2023-43615
- EPSS 0.78%
- Veröffentlicht 07.10.2023 01:15:10
- Zuletzt bearbeitet 05.06.2026 19:38:32
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2021-36647
- EPSS 0.16%
- Veröffentlicht 17.01.2023 21:15:10
- Zuletzt bearbeitet 05.06.2026 19:38:32
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (...
CVE-2022-46393
- EPSS 1.15%
- Veröffentlicht 15.12.2022 23:15:10
- Zuletzt bearbeitet 05.06.2026 19:38:32
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_...
CVE-2022-46392
- EPSS 0.79%
- Veröffentlicht 15.12.2022 23:15:10
- Zuletzt bearbeitet 05.06.2026 19:38:32
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key ...
CVE-2022-35409
- EPSS 1.83%
- Veröffentlicht 15.07.2022 14:15:09
- Zuletzt bearbeitet 05.06.2026 19:38:32
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This ca...
CVE-2021-43666
- EPSS 2.21%
- Veröffentlicht 24.03.2022 18:15:08
- Zuletzt bearbeitet 02.12.2025 21:15:49
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
CVE-2021-45451
- EPSS 0.92%
- Veröffentlicht 21.12.2021 07:15:06
- Zuletzt bearbeitet 21.11.2024 06:32:14
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.